So, I have successfully implemented my own MembershipProvider and it works the way I intended.
I processed my actions using the [Authorize] attribute, and this also works exactly the way I want.
My question is where should I put code that determines how much access I have to use?
[Login] simply means that the current user is a valid user of the system. The current user can have UserAccess = 1, or 2, or 4, or 8, or whatever. Can I do this check in the Controller method? Or should I pass the user to my repository class and have the repository class return only those records that the current user has access to?
In other words, what is the best way to separate this concern, since it is related to authentication? I think I should pass the user to the Repository.GetData() method and perform the necessary checks.
The second part of this question: how to restrict access to a specific view based on the user? For example, if the current user has UserAccess = 2, I want to omit some fields, but if his UserAccess = 4, I want to show all the fields.
Update
After a bit more research, it looks like I could kill two birds with one stone if I implement my own RoleProvider - I see how I can do this to restrict access to data on the controller with [Authorize(Roles = "Admin")], and it looks like the best option for me. How can I use it to render my view differently based on the role? Can I make separate views and return the correct view from the controller? Or do one view with built-in C#?